* [PATCH] MIPS: boot/compressed: Use array reference for image bounds
@ 2022-03-09 18:50 Kees Cook
2022-03-09 19:11 ` Gustavo A. R. Silva
2022-03-14 14:52 ` Thomas Bogendoerfer
0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2022-03-09 18:50 UTC (permalink / raw)
To: Thomas Bogendoerfer
Cc: Kees Cook, Randy Dunlap, linux-mips, kernel test robot,
linux-kernel, linux-hardening
As done with other image addresses in other architectures, use an
explicit flexible array instead of "address of char", which can trip
bounds checking done by the compiler. Found when building with
-Warray-bounds:
In file included from ./include/linux/byteorder/little_endian.h:5,
from ./arch/mips/include/uapi/asm/byteorder.h:15,
from ./arch/mips/include/asm/bitops.h:21,
from ./include/linux/bitops.h:33,
from ./include/linux/kernel.h:22,
from arch/mips/boot/compressed/decompress.c:13:
arch/mips/boot/compressed/decompress.c: In function 'decompress_kernel':
./include/asm-generic/unaligned.h:14:8: warning: array subscript -1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds]
14 | __pptr->x; \
| ~~~~~~^~~
./include/uapi/linux/byteorder/little_endian.h:35:51: note: in definition of macro '__le32_to_cpu'
35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
| ^
./include/asm-generic/unaligned.h:32:21: note: in expansion of macro '__get_unaligned_t'
32 | return le32_to_cpu(__get_unaligned_t(__le32, p));
| ^~~~~~~~~~~~~~~~~
arch/mips/boot/compressed/decompress.c:29:37: note: while referencing '__image_end'
29 | extern unsigned char __image_begin, __image_end;
| ^~~~~~~~~~~
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-mips@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/mips/boot/compressed/decompress.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c
index aae1346a509a..5b38a802e101 100644
--- a/arch/mips/boot/compressed/decompress.c
+++ b/arch/mips/boot/compressed/decompress.c
@@ -26,7 +26,7 @@ unsigned long free_mem_ptr;
unsigned long free_mem_end_ptr;
/* The linker tells us where the image is. */
-extern unsigned char __image_begin, __image_end;
+extern unsigned char __image_begin[], __image_end[];
/* debug interfaces */
#ifdef CONFIG_DEBUG_ZBOOT
@@ -91,9 +91,9 @@ void decompress_kernel(unsigned long boot_heap_start)
{
unsigned long zimage_start, zimage_size;
- zimage_start = (unsigned long)(&__image_begin);
- zimage_size = (unsigned long)(&__image_end) -
- (unsigned long)(&__image_begin);
+ zimage_start = (unsigned long)(__image_begin);
+ zimage_size = (unsigned long)(__image_end) -
+ (unsigned long)(__image_begin);
puts("zimage at: ");
puthex(zimage_start);
@@ -121,7 +121,7 @@ void decompress_kernel(unsigned long boot_heap_start)
dtb_size = fdt_totalsize((void *)&__appended_dtb);
/* last four bytes is always image size in little endian */
- image_size = get_unaligned_le32((void *)&__image_end - 4);
+ image_size = get_unaligned_le32((void *)__image_end - 4);
/* The device tree's address must be properly aligned */
image_size = ALIGN(image_size, STRUCT_ALIGNMENT);
--
2.32.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] MIPS: boot/compressed: Use array reference for image bounds
2022-03-09 18:50 [PATCH] MIPS: boot/compressed: Use array reference for image bounds Kees Cook
@ 2022-03-09 19:11 ` Gustavo A. R. Silva
2022-03-14 14:52 ` Thomas Bogendoerfer
1 sibling, 0 replies; 3+ messages in thread
From: Gustavo A. R. Silva @ 2022-03-09 19:11 UTC (permalink / raw)
To: Kees Cook
Cc: Thomas Bogendoerfer, Randy Dunlap, linux-mips, kernel test robot,
linux-kernel, linux-hardening
On Wed, Mar 09, 2022 at 10:50:32AM -0800, Kees Cook wrote:
> As done with other image addresses in other architectures, use an
> explicit flexible array instead of "address of char", which can trip
> bounds checking done by the compiler. Found when building with
> -Warray-bounds:
>
> In file included from ./include/linux/byteorder/little_endian.h:5,
> from ./arch/mips/include/uapi/asm/byteorder.h:15,
> from ./arch/mips/include/asm/bitops.h:21,
> from ./include/linux/bitops.h:33,
> from ./include/linux/kernel.h:22,
> from arch/mips/boot/compressed/decompress.c:13:
> arch/mips/boot/compressed/decompress.c: In function 'decompress_kernel':
> ./include/asm-generic/unaligned.h:14:8: warning: array subscript -1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds]
> 14 | __pptr->x; \
> | ~~~~~~^~~
> ./include/uapi/linux/byteorder/little_endian.h:35:51: note: in definition of macro '__le32_to_cpu'
> 35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
> | ^
> ./include/asm-generic/unaligned.h:32:21: note: in expansion of macro '__get_unaligned_t'
> 32 | return le32_to_cpu(__get_unaligned_t(__le32, p));
> | ^~~~~~~~~~~~~~~~~
> arch/mips/boot/compressed/decompress.c:29:37: note: while referencing '__image_end'
> 29 | extern unsigned char __image_begin, __image_end;
> | ^~~~~~~~~~~
>
> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
> Cc: Randy Dunlap <rdunlap@infradead.org>
> Cc: linux-mips@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Thanks
--
Gustavo
> ---
> arch/mips/boot/compressed/decompress.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c
> index aae1346a509a..5b38a802e101 100644
> --- a/arch/mips/boot/compressed/decompress.c
> +++ b/arch/mips/boot/compressed/decompress.c
> @@ -26,7 +26,7 @@ unsigned long free_mem_ptr;
> unsigned long free_mem_end_ptr;
>
> /* The linker tells us where the image is. */
> -extern unsigned char __image_begin, __image_end;
> +extern unsigned char __image_begin[], __image_end[];
>
> /* debug interfaces */
> #ifdef CONFIG_DEBUG_ZBOOT
> @@ -91,9 +91,9 @@ void decompress_kernel(unsigned long boot_heap_start)
> {
> unsigned long zimage_start, zimage_size;
>
> - zimage_start = (unsigned long)(&__image_begin);
> - zimage_size = (unsigned long)(&__image_end) -
> - (unsigned long)(&__image_begin);
> + zimage_start = (unsigned long)(__image_begin);
> + zimage_size = (unsigned long)(__image_end) -
> + (unsigned long)(__image_begin);
>
> puts("zimage at: ");
> puthex(zimage_start);
> @@ -121,7 +121,7 @@ void decompress_kernel(unsigned long boot_heap_start)
> dtb_size = fdt_totalsize((void *)&__appended_dtb);
>
> /* last four bytes is always image size in little endian */
> - image_size = get_unaligned_le32((void *)&__image_end - 4);
> + image_size = get_unaligned_le32((void *)__image_end - 4);
>
> /* The device tree's address must be properly aligned */
> image_size = ALIGN(image_size, STRUCT_ALIGNMENT);
> --
> 2.32.0
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] MIPS: boot/compressed: Use array reference for image bounds
2022-03-09 18:50 [PATCH] MIPS: boot/compressed: Use array reference for image bounds Kees Cook
2022-03-09 19:11 ` Gustavo A. R. Silva
@ 2022-03-14 14:52 ` Thomas Bogendoerfer
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Bogendoerfer @ 2022-03-14 14:52 UTC (permalink / raw)
To: Kees Cook
Cc: Randy Dunlap, linux-mips, kernel test robot, linux-kernel,
linux-hardening
On Wed, Mar 09, 2022 at 10:50:32AM -0800, Kees Cook wrote:
> As done with other image addresses in other architectures, use an
> explicit flexible array instead of "address of char", which can trip
> bounds checking done by the compiler. Found when building with
> -Warray-bounds:
>
> In file included from ./include/linux/byteorder/little_endian.h:5,
> from ./arch/mips/include/uapi/asm/byteorder.h:15,
> from ./arch/mips/include/asm/bitops.h:21,
> from ./include/linux/bitops.h:33,
> from ./include/linux/kernel.h:22,
> from arch/mips/boot/compressed/decompress.c:13:
> arch/mips/boot/compressed/decompress.c: In function 'decompress_kernel':
> ./include/asm-generic/unaligned.h:14:8: warning: array subscript -1 is outside array bounds of 'unsigned char[1]' [-Warray-bounds]
> 14 | __pptr->x; \
> | ~~~~~~^~~
> ./include/uapi/linux/byteorder/little_endian.h:35:51: note: in definition of macro '__le32_to_cpu'
> 35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
> | ^
> ./include/asm-generic/unaligned.h:32:21: note: in expansion of macro '__get_unaligned_t'
> 32 | return le32_to_cpu(__get_unaligned_t(__le32, p));
> | ^~~~~~~~~~~~~~~~~
> arch/mips/boot/compressed/decompress.c:29:37: note: while referencing '__image_end'
> 29 | extern unsigned char __image_begin, __image_end;
> | ^~~~~~~~~~~
>
> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
> Cc: Randy Dunlap <rdunlap@infradead.org>
> Cc: linux-mips@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> arch/mips/boot/compressed/decompress.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
applied to mips-next.
Thomas.
--
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea. [ RFC1925, 2.3 ]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-03-14 14:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-09 18:50 [PATCH] MIPS: boot/compressed: Use array reference for image bounds Kees Cook
2022-03-09 19:11 ` Gustavo A. R. Silva
2022-03-14 14:52 ` Thomas Bogendoerfer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).